Consumer rights group Which? Is calling for changes to the UK Data Protection Bill to make it easier for breach victims to seek redress, after revealing that nearly 10% of UK adults believe their data has been stolen in the past year.
The group wants the legislation, currently being debated in parliament, to be changed so that independent organizations acting in the public interest can help groups of affected consumers collectively seek in the event of a breach.
Which? claimed 74% of over 2000 consumers it surveyed supported the idea.
A fifth of Brits (20%) said they wouldn’t know how to start a claims process following a data breach, and a similar number (22%) claimed they wouldn’t know who is responsible for helping them when data is lost.
The rights group said 8% of those it spoke to think they have been subject to a data breach in the past year, while 73% say they’re concerned the personal information they have shared online could be at risk of a privacy leak.
“Data breaches are now more commonplace and yet many people have no idea what to do or who to turn to when their personal data is compromised,” argued Alex Neill, managing director of Which? home products and services.
“The government should use the Data Protection Bill to give independent bodies the power to seek collective redress on behalf of consumers when a company has failed to take sufficient action following a data breach.”
David Emm, principal security researcher at Kaspersky Lab, welcomed the move but argued that it’s also important for the general public to recognize the value of personal information.
“New data protection laws are designed to make organizations more careful, but regardless of this, it is important that, at an individual level, we know what information is being kept and how it’s being handled – which will also reduce the likelihood of it falling into the wrong hands,” he added.
“Being vigilant online needs to become second nature. Undertaking simple steps, like regularly changing passwords, reviewing default settings on social media and using internet security software across all devices can significantly help protect data.”
The Data Protection Bill will effectively transpose the GDPR into UK law so it will still apply post-Brexit.